The Mr. Cools selling information security services call it ethical and those hack with utter rudeness are labeled unethical. Both work for some goals – personal vandetta, capital gains or sponsored by cronies looking to encash the overall vulnerability and create business oppurtunities out of it. Much like mudering someone either for a supari or for saisfying greed of a cozy selfie army. Like other hyped menaces, hacking correctness is a doctrine fostered by a delusional, illogical minority, and promoted by unscrupulous cronies within mainstream technology world which holds forth the proposition that it is entirely possible to pick up a hacker turd by the clean end.
As hackers started making money, the field is becoming full of humming professionals that inspire organized cyber crime, buying top legal support. Taking clues from their corporate, political and social masters, hackers have already developed their own business models in order to operate as a profitable organization. What do these business models look like? More data, more money. So the attack logic is simple: the more attacks, the more likely victim – so you automate. But interesting variations keeps emerging e.g. hackers do buy or steal white data from social media privacy traders like Fakebooks, Goolies, Flippers, Snapers, AamAsses etc.. and bang innocent navie users with deception via selfie updates, emails or even direct mobile calls. This is also called win-win strategic partnership, done mostly in cool backdoor intellect encounters!
An example: A master hacker or the great cronie writes a phishing toolkit (an app, website or some innovative stuff) for other worker hackers to use. The proxy hackers download the kit, chose a phishing site or mobile app using a simple GUI dashboard and, just like that, the proxy hackers were good to go. The popularity of the kit soar, since, as opposed to traditional phishing setups where hackers are required to set up and allocate storage for the data collection, this kit offer to remove that back-office work from the proxy hacker. The master hacker provide with his kit cloud storage for the fraudulently obtained credentials. The credentials, once retrieved, would go to the cloud storage and reside in a location allocated only for the single proxy hacker. Controls were set such that one proxy hacker could not access the allocation area of another proxy hacker.
The proxy hackers could continue with their attacks without ever worrying about being cheated out by a fellow hacker. But this kit had a twist: although access to the credentials storage was secured from the eyes of fellow proxy hackers, this was not the case with the master hacker. A backdoor on the storage system allowed the viewing of all these credentials by the master hacker who wrote the kit. In reality then, all the proxy hackers were each gathering the credentials for the master hacker!
Now consider the scenario – assume each proxy hacker gains a dozen credentials. And a thousand hackers have downloaded the kit – that’s already over 10K worth of valuable data without the master hacker ever needing to dirty his hands with the actual target! In fact, the master hacker boasted some 200K downloads. This number may surely be exaggerated, but the point is clear – it is widely in use. In India, it’s also done via innovative network marketing, online!
Like any so-called successful loot driven business of winners, it is not enough to just advertise. To really penetrate the market, you need to show you know your stuff. Hackers are even using organized cum hyped social media as a channel to promote their skills, no wonder if they’re using other popular media. As traditional mafia or terror activities gets less lucrative, tutorials on hacks are getting common, and the tech biggies love it anyway as it creates new prospects to counter-sell their anti-hacking kits. A new nursery rhyme “hacker, hacker, the uncle rule breaker – hacker, hacker, the great quick money maker, thou privacy trader!”.